Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,051
Erlang
29
GitHub Actions
19
Go
1,878
Maven
5,000+
npm
3,602
NuGet
638
pip
3,203
Pub
10
RubyGems
852
Rust
814
Swift
35
Unreviewed advisories
All unreviewed
5,000+

19,932 advisories

Loading
libsbmlsim downloads Resources over HTTP High
CVE-2016-10675 was published for libsbmlsim (npm) Feb 18, 2019
OS Command Injection in Locutus Critical
CVE-2020-13619 was published for locutus (npm) Jul 26, 2021
Arbitrary File Read in phantom-html-to-pdf High
CVE-2020-7763 was published for phantom-html-to-pdf (npm) Nov 6, 2020
Prototype Pollution in deephas Critical
CVE-2020-28271 was published for deephas (npm) Sep 24, 2021
Path Traversal in node-red-contrib-huemagic High
CVE-2021-25864 was published for node-red-contrib-huemagic (npm) Apr 13, 2021
openssl.js is malware High
CVE-2017-16065 was published for openssl.js (npm) Aug 29, 2018
Directory Traversal in intsol-package High
CVE-2017-16178 was published for intsol-package (npm) Jul 23, 2018
mssql-node is malware High
CVE-2017-16059 was published for mssql-node (npm) Nov 9, 2018
libsbml downloads Resources over HTTP High
CVE-2016-10668 was published for libsbml (npm) Feb 18, 2019
Insecure Defaults Allow MITM Over TLS in engine.io-client Moderate
CVE-2016-10536 was published for engine.io-client (npm) Feb 18, 2019
Directory Traversal in utahcityfinder High
CVE-2017-16173 was published for utahcityfinder (npm) Jul 23, 2018
Marked vulnerable to XSS from data URIs Moderate
CVE-2017-1000427 was published for marked (npm) Jan 4, 2018
Path Traversal in takeapeek Moderate
CVE-2018-16473 was published for takeapeek (npm) Nov 6, 2018
Phoenix Arbitrary URL Redirect Moderate
CVE-2017-1000163 was published for phoenix (Erlang) Apr 12, 2022
Helm vulnerable to denial of service through through repository index file Moderate
CVE-2022-23525 was published for helm.sh/helm/v3 (Go) Dec 14, 2022
AdamKorcz DavidKorczynski
ADOdb Library SQL Injection Critical
CVE-2016-7405 was published for adodb/adodb-php (Composer) May 17, 2022
Directory Traversal in serverliujiayi1 High
CVE-2017-16095 was published for serverliujiayi1 (npm) Sep 1, 2020
Directory Traversal in serverwzl High
CVE-2017-16105 was published for serverwzl (npm) Sep 1, 2020
Command Execution in windows-cpu Critical
CVE-2017-1000219 was published for windows-cpu (npm) Sep 1, 2020
Cross-site scripting in jspdf Moderate
CVE-2020-7690 was published for jspdf (npm) May 17, 2021
Cross-site scripting in jspdf Moderate
CVE-2020-7691 was published for jspdf (npm) May 11, 2021
Regular Expression Denial of Service in content High
CVE-2017-16111 was published for content (npm) Jul 24, 2018
Cross-site Scripting in remarkable Moderate
CVE-2019-12043 was published for remarkable (npm) May 29, 2019
LeSuisse
Code injection in mock2easy Critical
CVE-2020-7697 was published for mock2easy (npm) May 6, 2021
Regular Expression Denial of Service in postcss Moderate
CVE-2021-23382 was published for postcss (npm) Jan 7, 2022
DeeDeeG Towerism
ProTip! Advisories are also available from the GraphQL API